Sharing information between nexuses that use different classification schemes for information access control

US 10,891,312 B2
Filed: 12/04/2017
Issued: 01/12/2021
Est. Priority Date: 10/22/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

exporting a first copy of data associated with an access control list and stored by a first database system to a second database system, the data stored by the first database system subject to a first classification designation, the first classification designation used by the first database system for controlling access to information stored by the first database system;

during import of the first copy of the data exported;

determining that the first copy of the data exported corresponds with a particular translation path that is the shortest among a plurality of translation paths identified in the first copy of data, the particular translation path indicating a particular origin classification associated with a particular classification designation and for updating the access control list, and, in response, mapping, using a translation map associated with the second database system, the first classification designation to a second classification designation, the second classification designation used by the second database system for controlling access to information stored by the second database system, the first classification designation being different than the second classification designation; and

causing the second database system to store a second copy of the data subject to the second classification designation.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for sharing information between distributed computer systems connected to one or more data networks. In particular, a replication system implements methodologies for sharing database information between computer systems where the databases use different classification schemes for information access control.

441 Citations

19 Claims

1. A method, comprising:
- exporting a first copy of data associated with an access control list and stored by a first database system to a second database system, the data stored by the first database system subject to a first classification designation, the first classification designation used by the first database system for controlling access to information stored by the first database system;
  
  during import of the first copy of the data exported;
  
  determining that the first copy of the data exported corresponds with a particular translation path that is the shortest among a plurality of translation paths identified in the first copy of data, the particular translation path indicating a particular origin classification associated with a particular classification designation and for updating the access control list, and, in response, mapping, using a translation map associated with the second database system, the first classification designation to a second classification designation, the second classification designation used by the second database system for controlling access to information stored by the second database system, the first classification designation being different than the second classification designation; and
  
  causing the second database system to store a second copy of the data subject to the second classification designation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - exporting a third copy of the data from the second database system to the first database system; and
      
      during import of the third copy of the data exported;
      
      causing the first database system to store a fourth copy of the data subject to the first classification designation in the first database system.
  - 3. The method of claim 1, further comprising:
    - modifying the second copy of the data in the second database system to produce changed data in the second database system, the changed data subject to the second classification designation in the second database system;
      
      exporting a first copy of the changed data from the second database system to the first database system; and
      
      during import of the first copy of the changed data exported;
      
      causing the first database system to store a second copy of the changed data subject to the first classification designation in the first database system.
  - 4. The method of claim 1, further comprising:
    - exporting an origin classification to the second database system, the origin classification exported for the first copy of the data exported;
      
      during the import of the first copy of the data exported;
      
      determining that the data stored by the first database system is subject to first classification designation in the first database system based on the origin classification; and
      
      wherein the mapping the first classification designation to the second classification designation is performed responsive to determining that the data stored by the first database system is subject to the first classification designation in the first database system.
  - 5. The method of claim 1, further comprising:
    - after the import of the first copy of the data exported;
      
      modifying the data stored in the first database system to produced changed data in the first database system, the changed data subject to the first classification designation in the first database system;
      
      exporting a first copy of the changed data from the first database system to the second database system;
      
      during import of the first copy of the changed data exported;
      
      mapping the first classification designation to the second classification designation; and
      
      causing the second database system to store a second copy of the changed data subject to the second classification designation in the second database system.
  - 6. The method of claim 1, wherein the first copy of the data exported reflects a database information item stored in the first database system.
  - 7. The method of claim 1, wherein the first classification designation is stored in an access control list associated with the data in the first database system.
  - 8. The method of claim 1, wherein determining that the first copy of the data exported corresponds with a particular translation path that is the shortest, comprises:
    - determining a set of origin classifications from the first copy of the data;
      
      iterating over the set of origin classifications starting from a lowest ranked original classification until a translatable origin classification in the first copy of the data exported is found for which there is a translation rule in the translation map for translating a classification string of the translatable origin classification from the first classification designation to the second classification designation.
  - 9. The method of claim 1, wherein the translation map includes translation rules between every two classification designations used in a replication group.

10. One or more non-transitory computer-readable media storing one or more programs for execution by one or more processors, the one or more processors comprising instructions configured for:
- exporting a first copy of data associated with an access control list and stored by a first database system to a second database system, the data stored by the first database system subject to a first classification designation, the first classification designation used by the first database system for controlling access to information stored by the first database system;
  
  during import of the first copy of the data exported;
  
  determining that the first copy of the data exported corresponds with a particular translation path that is the shortest among a plurality of translation paths identified in the first copy of data, the particular translation path indicating a particular origin classification associated with a particular classification designation and for updating the access control list, and, in response, mapping, using a translation map associated with the second database system, the first classification designation to a second classification designation, the second classification designation used by the second database system for controlling access to information stored by the second database system, the first classification designation being different than the second classification designation; and
  
  causing the second database system to store a second copy of the data subject to the second classification designation.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The one or more non-transitory computer-readable media of claim 10, the instructions further configured for:
    - exporting a third copy of the data from the second database system to the first database system; and
      
      during import of the third copy of the data exported;
      
      causing the first database system to store a fourth copy of the data subject to the first classification designation in the first database system.
  - 12. The one or more non-transitory computer-readable media of claim 10, the instructions further configured for:
    - modifying the second copy of the data in the second database system to produce changed data in the second database system, the changed data subject to the second classification designation in the second database system;
      
      exporting a first copy of the changed data from the second database system to the first database system; and
      
      during import of the first copy of the changed data exported;
      
      causing the first database system to store a second copy of the changed data subject to the first classification designation in the first database system.
  - 13. The one or more non-transitory computer-readable media of claim 10, the instructions further configured for:
    - exporting an origin classification to the second database system, the origin classification exported for the first copy of the data exported;
      
      during the import of the first copy of the data exported;
      
      determining that the data stored by the first database system is subject to first classification designation in the first database system based on the origin classification; and
      
      wherein the mapping the first classification designation to the second classification designation is performed responsive to determining that the data stored by the first database system is subject to the first classification designation in the first database system.
  - 14. The one or more non-transitory computer-readable media of claim 10, the instructions further configured for:
    - after the import of the first copy of the data exported;
      
      modifying the data stored in the first database system to produced changed data in the first database system, the changed data subject to the first classification designation in the first database system;
      
      exporting a first copy of the changed data from the first database system to the second database system;
      
      during import of the first copy of the changed data exported;
      
      mapping the first classification designation to the second classification designation; and
      
      causing the second database system to store a second copy of the changed data subject to the second classification designation in the second database system.

15. A computing system, comprising:
- one or more processors;
  
  storage media;
  
  one or more programs stored in the storage media and configured for execution by the one or more processors, the one or more programs comprising instructions configured for;
  
  exporting a first copy of data associated with an access control list and stored by a first database system to a second database system, the data stored by the first database system subject to a first classification designation, the first classification designation used by the first database system for controlling access to information stored by the first database system;
  
  during import of the first copy of the data exported;
  
  determining that the first copy of the data exported corresponds with a particular translation path that is the shortest among a plurality of translation paths identified in the first copy of data, the particular translation path indicating a particular origin classification associated with a particular classification designation and for updating the access control list, and, in response, mapping, using a translation map associated with the second database system, the first classification designation to a second classification designation, the second classification designation used by the second database system for controlling access to information stored by the second database system, the first classification designation being different than the second classification designation; and
  
  causing the second database system to store a second copy of the data subject to the second classification designation.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computing system of claim 15, the instructions further configured for:
    - exporting a third copy of the data from the second database system to the first database system; and
      
      during import of the third copy of the data exported;
      
      causing the first database system to store a fourth copy of the data subject to the first classification designation in the first database system.
  - 17. The computing system of claim 15, the instructions further configured for:
    - modifying the second copy of the data in the second database system to produce changed data in the second database system, the changed data subject to the second classification designation in the second database system;
      
      exporting a first copy of the changed data from the second database system to the first database system; and
      
      during import of the first copy of the changed data exported;
      
      causing the first database system to store a second copy of the changed data subject to the first classification designation in the first database system.
  - 18. The computing system of claim 15, the instructions further configured for:
    - exporting an origin classification to the second database system, the origin classification exported for the first copy of the data exported;
      
      during the import of the first copy of the data exported;
      
      determining that the data stored by the first database system is subject to first classification designation in the first database system based on the origin classification; and
      
      wherein the mapping the first classification designation to the second classification designation is performed responsive to determining that the data stored by the first database system is subject to the first classification designation in the first database system.
  - 19. The computing system of claim 15, the instructions further configured for:
    - after the import of the first copy of the data exported;
      
      modifying the data stored in the first database system to produced changed data in the first database system, the changed data subject to the first classification designation in the first database system;
      
      exporting a first copy of the changed data from the first database system to the second database system;
      
      during import of the first copy of the changed data exported;
      
      mapping the first classification designation to the second classification designation; and
      
      causing the second database system to store a second copy of the changed data subject to the second classification designation in the second database system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palantir Technologies Incorporated
Original Assignee
Palantir Technologies Incorporated
Inventors
Ducott, III, Richard Allen, Garrod, John Kenneth, Tasinga, Khan
Primary Examiner(s)
Chbouki, Tarek

Application Number

US15/830,326
Publication Number

US 20180107731A1
Time in Patent Office

1,135 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/1837   Management specially adapte...

G06F 16/213   with details for schema evo...

G06F 16/24578   using ranking

G06F 16/27   Replication, distribution o...

G06F 16/273   Asynchronous replication or...

G06F 16/285   Clustering or classification

G06F 16/8358   Query translation

G06F 16/951   Indexing; Web crawling tech...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6236   between heterogeneous systems

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/105   Multiple levels of security

Sharing information between nexuses that use different classification schemes for information access control

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

441 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Sharing information between nexuses that use different classification schemes for information access control

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

441 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links